On 01.06.2010 16:34, Philippe Cerfon wrote:
> I have two scenarios:
> A) Software RAID6, multiple partitions each to be encrypted. (Using the
> kernel md for the software RAID)
> B) Single SSD disk, multiple partitions each to be encrypted.
>
>
> Regarding A:
> 1) What is generally the best way to do this? I mean how to stack the
> different levels of md/RAID, [LVM] (if used at all), dm-crypt.
> I'd say one has about this:
> (physical disk[s]) --> (MD/RAID6) --> (dm-crypt) --> ([LVM] if used at
> all) --> filesystem
>
> Or is another order "better"?
> I think having MD/RAID at the bottom makes sense (instead of dm-crypt
> at the bottom), as this should make recovery easier, right?
> I'm not sure whether I need LVM at all, but I think it makes only
> sense to have it on top of dm-crypt in order to use it to
> enlarge volumes.
> I guess one cannot enlarge a LUKS "filesystem", even if the
> underlying LVM volume would be enlarged?

I have used both scenarios in the past. The LUKS volume does not know its
payload size, so it will use the maximum space available.

In the scenario LVM->dm-crypt: Once you enlarge the underlying LV, you can
either 'cryptsetup resize' or 'cryptsetup luksClose && cryptsetup luksOpen'
for the volume to get the new size. The former does not even require
unmounting the file system.

The scenario dm-crypt->LVM is easier, as there is no extra layer between the
LV and filesystem. Combined with a file system that can do online resizing
(like ext3 on newer kernels, or ext4), you can enlarge the file system
transparently, without any downtime. Shrinking is obviously more complicated.

These days, I use LVM on top of dm-crypt. However, a LUKS volume encrypted
with aes-xts-plain should not be bigger than 1TB for security reasons (I read
that here, don't know the exact reason), so this might be unsuitable for your
needs.

> 2) I guess at any of the levels from above, one can partition the
> exported block device, right?
> So e.g. partition the physical disks that each has one big sdX1, and
> create the RAID on it _OR_ create the RAID directly on the disk
> without partitioning.

I wouldn't rely on partitions, LVM is way more flexible. (Having /boot on LVM
might not work and require a small partition, depending on the bootloader)

Sorry, but I am not familiar with the alignment questions you posted,
although I think with 2.6.33 and up-to-date userspace, all alignments should
be correct automatically without any specific interaction from your end.
Someone else will probably give a definitive answer on that.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
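The two grow procedures described in the reply above, written out as an added example that is not part of the original message. The names vg0, data and cryptdata, the 10G increment, the helpers `run` and `grow_stack` and the `DRY_RUN` switch are assumptions for illustration; the script assumes an ext3/ext4 filesystem and free extents in the volume group.

```shell
#!/bin/sh
# Added example: grow an encrypted ext3/ext4 volume for the two stackings
# discussed in the message. vg0/data/cryptdata are assumed placeholder names.
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 executes them (root).
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# grow_stack LAYOUT VG LV MAPPING SIZE
#   lvm-crypt : disk -> LVM -> dm-crypt -> filesystem
#   crypt-lvm : disk -> dm-crypt -> LVM -> filesystem
grow_stack() {
    layout=$1; vg=$2; lv=$3; mapping=$4; size=$5
    case "$layout" in
        lvm-crypt)
            # 1. enlarge the LV that holds the LUKS container
            run lvextend -L "+$size" "/dev/$vg/$lv" || return 1
            # 2. let the open mapping pick up the new size (no unmount needed)
            run cryptsetup resize "$mapping" || return 1
            # 3. grow the filesystem online to fill the mapping
            run resize2fs "/dev/mapper/$mapping" || return 1
            ;;
        crypt-lvm)
            # The LV sits directly under the filesystem: no crypt layer to resize
            run lvextend -L "+$size" "/dev/$vg/$lv" || return 1
            run resize2fs "/dev/$vg/$lv" || return 1
            ;;
        *)
            echo "unknown layout: $layout" >&2
            return 2
            ;;
    esac
}

# Print the plan for both layouts (dry run unless DRY_RUN=0 is set)
grow_stack lvm-crypt vg0 data cryptdata 10G
grow_stack crypt-lvm vg0 data cryptdata 10G
```

With the crypt layer on top of the LV, the order matters: the mapping has to be resized before the filesystem, otherwise resize2fs sees the old device size.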